Well, maybe we should not put software in everything

Car's critical control systems don't need to have Internet access. If it needs updating, require a cable so it can be isolated from all the car electronics that do have remote access, like the radio.

My phone does not need to talk to my fucking toaster, refrigerator, MixMaster, light bulbs nor my door knobs. Nor to my pacemaker. Again, need to offload data from a medical device? Require a cable or very very near field (encrypted) if it's an implant.

Just because one can put software in a flower pot to make it "smart", doesn't mean doing so does anyone any good.

Re: Well, maybe we should not put software in everything

I don't think it's realistic to expect car systems to be completely air-gapped, because a lot of features in current cars rely on getting information from the ECU -- e.g., services like On*Star need to detect airbag deployment and be able to pull trouble codes; satnav systems sometimes use speed and steering wheel angle data to improve accuracy. But I think more attention needs to be paid to security on interfaces like CANBUS. Ideally each module would have a whitelist that allowed only certain commands from particular modules. e.g., maybe the On*Star module has only read-only access to the ECU, but enough read/write access to the chassis computer to command it to open the door locks. That would at least lessen the impact of a compromise. OTA updates should be out of the question.

It's also worth noting that air-gapping doesn't necessarily make badly written software *safe*, as Toyota demonstrated. There are more threats involved here than just hackers.
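
Added example, not part of the comment above or any manufacturer's code: a default-deny gateway table of the kind that comment describes, where the telematics unit can read powertrain data and send one door-lock command and nothing else. The segment names, CAN IDs and payload layouts are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bus segments hanging off one central gateway. Classic CAN
 * frames carry no sender address, so the gateway keys its policy on the
 * physical port a frame arrived on, never on anything inside the frame. */
enum segment { SEG_TELEMATICS, SEG_POWERTRAIN, SEG_BODY };

enum verdict { V_FORWARD, V_DROP_NO_RULE, V_DROP_BAD_LEN, V_DROP_BAD_VALUE };

struct frame {
    enum segment ingress;   /* port the frame arrived on */
    uint32_t id;            /* 11-bit arbitration ID */
    uint8_t dlc;            /* payload length claimed by the frame */
    uint8_t data[8];
};

struct rule {
    enum segment from, to;
    uint32_t id;
    uint8_t dlc;            /* exact payload length expected */
    uint8_t b0_min, b0_max; /* allowed range for the first payload byte */
};

/* Everything not listed here is dropped. There is deliberately no rule
 * with SEG_POWERTRAIN as destination: telematics is read-only towards it. */
static const struct rule RULES[] = {
    { SEG_POWERTRAIN, SEG_TELEMATICS, 0x3A0, 2, 0x00, 0xFF }, /* speed       */
    { SEG_POWERTRAIN, SEG_TELEMATICS, 0x3B0, 1, 0x00, 0x01 }, /* airbag flag */
    { SEG_TELEMATICS, SEG_BODY,       0x2F0, 1, 0x00, 0x01 }, /* lock/unlock */
};

enum verdict gateway_check(const struct frame *f, enum segment to)
{
    size_t i;

    for (i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct rule *r = &RULES[i];

        if (r->from != f->ingress || r->to != to || r->id != f->id)
            continue;
        /* Length is checked before any payload byte is looked at. */
        if (f->dlc != r->dlc)
            return V_DROP_BAD_LEN;
        if (f->data[0] < r->b0_min || f->data[0] > r->b0_max)
            return V_DROP_BAD_VALUE;
        return V_FORWARD;
    }
    return V_DROP_NO_RULE;  /* default deny */
}

/* Convenience wrapper: build a frame with one meaningful payload byte. */
enum verdict check(enum segment from, enum segment to,
                   uint32_t id, uint8_t dlc, uint8_t b0)
{
    struct frame f = { from, id, dlc, { b0 } };
    return gateway_check(&f, to);
}

int main(void)
{
    /* Constructed sample traffic. */
    printf("speed to telematics:      %d\n",
           check(SEG_POWERTRAIN, SEG_TELEMATICS, 0x3A0, 2, 0x40));
    printf("telematics to powertrain: %d\n",
           check(SEG_TELEMATICS, SEG_POWERTRAIN, 0x3A0, 2, 0x40));
    printf("unlock doors:             %d\n",
           check(SEG_TELEMATICS, SEG_BODY, 0x2F0, 1, 0x01));
    printf("oversized lock frame:     %d\n",
           check(SEG_TELEMATICS, SEG_BODY, 0x2F0, 8, 0x01));
    return 0;
}
```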

Re: Well, maybe we should not put software in everything

@Orv: there is an idea of a "data diode", where data can go just one way, but not the other. So it is possible to extract the data without being able to influence the systems that provide it.

And sure, it's possible that the "diode" will be badly designed and you will be able to overload it or crack it to influence ECU from the entertainment system, at least it won't be simple. Car makers need to start designing for security, not only safety.

Re: Well, maybe we should not put software in everything

@ Tomato42

An optical data diode, where an LED blinks at a phototransistor, especially where each side of the optical link has a separate power supply, is pretty damn good as a "one way" data link. There are even analog versions. They have been around for decades, usually as a form of "opto isolator". You can even find power supplies isolated this way. In the early 1990s, I worked for a company where for EMF shielding purposes, we bought power supplies that basically were a laser fired up an optical cable into a solar cell. The output of the solar cell was locally voltage regulated & filtered. Isolated the power supply damn well from the mains, as there wasn't even a common ground.

Re: Well, maybe we should not put software in everything

Real time software is engineering that just happens to have a logic component implemented in software. Unlike a typical desktop application it's not a standalone program but a component in an overall system and to understand the code you have to understand the system. It's one of those things that's obvious to practitioners but difficult to explain to people who mostly write applications (and why it's so difficult to find people who can write this type of code).

Contrary to popular belief it is really easy to make reliable real-time code and it's also easy to prevent it from being corrupted. That these things happen is caused by sloppy software engineering -- or rather, the invasion of applications programming techniques into components where they don't belong.

Re: Well, maybe we should not put software in everything

@Tomato42,

Car systems already use "data diodes" to separate critical systems from non-critical stuff like the radio, etc. They're generally not optical as one normally perceives a data diode, but they aim to accomplish the same end result.

Mistakes in implementing this separation are what cost Fiat-Chrysler a $500 million fine.

IoT = Idiocy of Things

Re: Well, maybe we should not put software in everything

"Or maybe we should just code everything outside the grasping jurisdiction of the US."

You think there is something unique about the US government that makes it a threat to liberty beyond all others?

ALL governments are like this. Government is inherently evil; a necessary evil, but evil all the same. The more power a government has, the more power it wants, and the more likely it is to use that power to get still more power. Those in power begin to have a conceit where they believe their judgment is better than everyone else's, and that the world is genuinely in need of anything that would substitute their insights for those of the unwashed masses (us).

What do you think we oft-downvoted people have been trying to tell you folks that seem to think that more government involvement in any given area solves problems? Government is not the answer to problems... it's the cause of them! The more you clamor for government to regulate this or that, the more you convince the government creatures that modern society demands that our "betters" make all the decisions for us, what with us being so bad at it and all.

Since government is a necessary evil, we can't get rid of it, but we can make it less likely to get powerful enough to do what this article discusses. When the US was formed, it was to be a federation of the states. Most governing would be done at the state level, with only a few specifically noted powers that were the exclusive domain of the federal government (federal, meaning related to a federation). The idea was to keep the power decentralized and the fed relatively weak, so that it would lack the power to do things like what we're talking about here.

Over the decades and centuries it has grown into a de facto national government, with only a few vestigial remnants of the federalism that was the basis upon which the entire country was founded. Now it's this out of control juggernaut that just does whatever it wants, regardless of what anyone wants (even the president). Any government WILL get to that stage and beyond if you allow it.

If you see any parallels between the US government of time past and the current EU, you win the "I've been paying attention" award for today. The EU is a federation where most of the government is supposed to be done at the state level too (as in nation-state), but like the US government, it's evolving, consolidating its power one step at a time, replacing the sovereignty of the member states with its own.

You don't want to let any government get that powerful. Take any one government in the world and grant it the power the US government has, and I guarantee you it will behave no better than the US government does, and possibly a lot worse (depending on which one you picked).

Re: Well, maybe we should not put software in everything

"Real time software is engineering that just happens to have a logic component implemented in software. ...Contrary to popular belief it is really easy to make reliable real-time code and its also easy to prevent it from being corrupted."

Why not implement it in hardware with an ASIC? Presumably in order to be able to make maintenance changes later. And that way lies a risk. The initial design might be well written reliable code but all too often maintenance is seen as a not very interesting job that gets given to juniors and gradually your original well written reliable code becomes badly structured not very reliable code.

Re: Well, maybe we should not put software in everything

Your car's software will absolutely, soon enough require some form of net access. For self-driving cars to work to their full and safe potential, they will unquestionably need to talk to and listen to other cars in the vicinity ("Hard braking 170 yards ahead, pedestrian incursion: preliminary slowing NOW"); to be advised of aggregated data from cars far distant ("Road to hell is very slow for 30 miles northbound: take THIS alternate route"); and oversight traffic management systems ("Do not enter Central London at this time, a bomb scare is in progress").

Building an extremely secure hack-resistant system is of the highest importance. And yet another example of why strong crypto, i.e. without idiot government's "good-guys-only back doors", is absolutely critical. If your car's gonna take the alternate route to that important meeting, you need to be able to trust the information it's based on.

Re: Well, maybe we should not put software in everything

> I don't think it's realistic to expect car systems to be completely air-gapped, because a lot of features in current cars rely on getting information from the ECU -- e.g., services like On*Star need to detect airbag deployment and be able to pull trouble codes; satnav systems sometimes use speed and steering wheel angle data to improve accuracy.

It is a question of trade-offs. e.g. If you want a sat-nav able to read speed and steering angle from the engine, then you should be prepared to accept the trade-off of dying horribly in a hacker-generated car crash.

Re: Well, maybe we should not put software in everything

>You think there is something unique about the US government that makes it a threat to liberty beyond all others?

Er, yes. You mention it yourself - power. As we know, power tends to corrupt, and the USA is the most powerful nation the world has ever seen. How could we imagine that it could be other than the most corrupt?

Re: Well, maybe we should not put software in everything

> It is a question of trade-offs. e.g. If you want a sat-nav able to read speed and steering angle from the engine, then you should be prepared to accept the trade-off of dying horribly in a hacker-generated car crash.

Why would a sat nav being able to "read speed and steering angle" allow hacker generated car crashes? If the sat nav could in turn control the vehicle's speed or direction then, yes, but otherwise these should just be additional input data streams into the sat nav's system.

Re: Well, maybe we should not put software in everything

Um. Because, what, other governments don't have a track record of regulating things that have an impact on human safety? There's no food standards agencies in other countries? Health and safety agencies? Hazardous chemical regulation?

Re: Well, maybe we should not put software in everything

"Or maybe we should just code everything outside the grasping jurisdiction of the US."

Or, for those inside the USA, to express OUTRAGE to politicians when necessary (in the form of direct mailing - a well crafted independent hardcopy snail-mailed letter actually has a pretty good impact, because you took the time to do it), and to put everything you do in public places so it can't be erased, EVAR.

and include some legal disclaimers like "AS-IS" and "NO LIABILITY" in the accompanying docs.

GPL already has something like that in there, last I looked.

it's not easy to govern against the will of the governed. it ultimately FAILS. And the LAST thing we need in the world of SOFTWARE is GOVERNMENTIUM. The 2nd last is a tollbooth, but Micro-shaft seems hell-bent on making THAT happen with their 'certification', but I digress...

Re: Well, maybe we should not put software in everything

Just because something is Read Only doesn't mean you can't write to it. There are well-documented instances of power rail fluctuations on one system affecting adjacent systems in a way that can be predicted and harnessed.

Casual observers can look at hardware/software and see nothing wrong with it. At the next layer down PCB designers will have a different perspective on that.

Real-world example: You can look at a London Underground signalling circuit diagram and ascertain there is nothing on that circuit which could possibly show a green signal when a red one should be shown. However, when you consider various failure modes and the effect of spurious external stimuli you will begin to understand why there is a possibility that it might happen, and why signal engineers seem to go to paranoid lengths to ensure that never occurs. Going to the extent of such things as generating an alternating current frequency (125Hz) that is not harmonically related to the normal AC mains for example.

Real-Time is difficult because of failure-modes and external stimuli.

Re: "unique US government threat to liberty"

Certainly the hysterical paranoia over "terrorism" (that thing that's 17,600 times less likely to kill you than heart disease) is not unique to America. Uniquely belligerent, yes, but not entirely unique.

And the US government is also not unique in its violation of civil liberties, but (again) its violations are far more pervasive (basically the entire planet), largely due to being better funded (trillions of taxpayers' dollars).

Basically, the US is a uniquely belligerent warmonger, that has declared everything even remotely not American to be "the enemy", then for good measure included everything that is American anyway (i.e. the entire population of the US), just in case, by militarising the police, having the highest slavery "incarceration" rate in the world, then spying on everyone for good measure. It isn't the only violator, but it is easily the worst, quantitatively speaking.

Is this the inevitable consequence of government - any government - in principle?

No, not really.

When was the last time Denmark bombed, invaded and occupied anywhere, for example? When did Sweden blatantly lie about WMDs, then use that lie as a pretext to commit genocide on millions of innocent civilians? When did Iceland bail out the criminal bankers that brought us this grim era of "austerity", then declare war on the poor ("If you feed them, you breed them")? When did Norway commit collateral murder on children using killer drones? How many "regime change" operations has New Zealand conducted recently? How many "black sites" does Belgium currently use for kidnapping "extraordinary rendition" and torture "enhanced interrogation", on average? How many nuclear weapons has Finland dropped on civilian populations recently? How many Cold Wars have been created by the Netherlands, then used as a template for neoliberal policy to infest the rest of the world through "special relationships" and "trade deals"? How much illegal surveillance does Switzerland conduct on US (or any other) citizens, approximately?

The principle of government is not the problem, it's just one government in particular, one that lacks any accountability, because it isn't even remotely democratic, it's mostly controlled by corporate lobbyists.

Re: Well, maybe we should not put software in everything

> Why would a sat nav being able to "read speed and steering angle" allow hacker generated car crashes? If the sat nav could in turn control the vehicle's speed or direction then, yes, but otherwise these should just be additional input data streams into the sat nav's system.

If the car just passively broadcast this information without any communication from the sat nav to the car, then fine, but that isn't the usual design philosophy.

A typical architecture is a bidirectional data link where the car receives commands and responds to them. If there is a route to access safety critical systems in the car from anything connected to the Internet (which a sat nav might very well be), you could not be confident that the car could never respond to carefully crafted malign commands. These might do things like interfere with the steering or vehicle speed.

It might not be what the automobile systems designers intended, but building secure systems is extraordinarily hard, and this sort of attack has already been demonstrated, for example https://www.theregister.co.uk/2015/07/21/jeep_patch/

Re: Well, maybe we should not put software in everything

> e.g., services like On*Star need to detect airbag deployment and be able to pull trouble codes;

That sort of thing doesn't need write-access to other system memory though! Back in my BBS days my autoexec.bat file looked for various "flag files" which would be created before the machine was rebooted for various events, eg weekly system maintenance - effectively "If exist maint.flg call maint.bat"

The content of "maint.flg" could be anything, the existence of the file was the critical thing.

Of course, things like pulling codes can be done just as easily - the OnStar tracking system can monitor the content of files that get updated by other systems as needed - RO to OnStar but writeable to what needs it. And FFS check sizes. If you're expecting a single byte then read no more than a byte.

(Yes, I do know bounds checking etc can be tricky and there can be things you never consider that become common place in RealWorld situations - but some limits aren't that hard to code and decent effort should be taken!)

Actually much of the concerns over car computer failures would be quickly dispelled if this drive-by-wire silliness was done away with. Steering and brakes directly connected please, and if necessary a "hard stomp on brakes shuts off power to fuel pump, injectors, and (for petrol engines) ignition system" system. Physical isolation, not some electronic jiggery-faultery.

Re: Well, maybe we should not put software in everything

"Car's critical control systems don't need to have Internet access."

Oh, but you're wrong. TERRORISTS/CRIMINALS can drive a car, so they need to be stopped. [1] Possession may be 90% of the law but if you don't pay your bill you're not going anywhere in it. [2] Car out of internet signal range? No problem. [3] And it's great for insurance companies. [4]

No internet connected pacemaker? What are you, an anti-job Luddite? [5] Just THINK of the jobs you're denying: creating the device, securing the device, the ISP, WiFi support, and then RE-securing things after a remote break-in. Also: with a pacemaker embedded virus you give the "a computer virus isn't actually a virus, people can't get affected with it" line a whole new life.

And then the retailer coup de grace: You've still got that old thing? It's last year's model, nobody wants those anymore. You're lucky I'm still around to take it off your hands for nothing IF you buy the new one. Just think what your friends will think when they see you with this new one!

OK so just data, no internet in this one. But just think how handy it would be to connect your pacemaker, FitBit, phone GPS, and diet monitor together. The system could see how hard you're exercising (and heart beating) and know where you are. In case of a heart attack (no movement / steps / heartbeat) they could auto-call the nearest ambulance. If they find you running hard on the wrong side of the tracks they could call the police with your location. (And with smart clothes, even what you're wearing!) And as a great joke on a friend, just think about the internet connected bionic penis!

Re: Well, maybe we should not put software in everything

> You think there is something unique about the US government that makes it a threat to liberty beyond all others?

Yes, raw power and world influence combined with awareness of them.

Governments of small countries may be equally evil. But their ability to influence global developments (such as IoT) is pretty limited and they rarely think and act on world scale. And yes, the US is not even really *unique* in this regard, but still a member of a very small select group.

Re: Value!

Yes, the entire concept of "creating value" is a farce. In reality, it means spending a (ideally) small amount of your own money to take a (again, ideally) larger amount of somebody else's money. The total "value" in the system doesn't actually change, it just gets moved around, except in the sense that the stuff this "value" comprises is increasingly trivial junk (First World solutions to First World problems), and therefore it's probably more accurate to say that, overall, the practical value of everything is actually being diminished, not improved.

Re: Value!

That's not a lot considering billy hedge-door is gonna be a trillionaire soon, and how much money have all those businesses running windows generated because of windows? Even the windows bugs are making money!

Traveling in the Donner Pass Has Improved

> Donner Pass on Monday evening. The trip at least was less arduous than it was last year, he said.

In olde times, it happened that people were stranded in the snow there for the winter, freezing to death, and needing to eat dead bodies to survive. So, I would call this a continuously better progression.

Motivation?

""Nothing motivates the US government like fear," he added, pointing to 9/11 and creation of the Department of Homeland Security."

Sorry, Bruce. Nothing motivates the US government and the contractors and the lackeys and the mongers and the forces against transparency as fear. They live on it. They glory in it. They promote it. They profit on it.

FEAR. Fear about those Russki's (well not now, with Trump being in Vlad's front pocket.). Fear about turbans and beards. Fear about free speech and questions at news conferences. Fear about rapists (well, isn't the president one?), fear about people south of the border.

Used to be there was some positive emotions about how the US could actually be a melting pot. It could have whites/blacks/browns/atheists/non-atheists living on the same block. Used to be Woody Guthrie could sing something like, Come on people, Let's get together.

Re: "Not in Trump's world"

In fairness, the "world" in question predates Trump's reign by several decades. Indeed I don't see much evidence that it has ever been any other way. The only difference is now the slaves sew mailbags instead of picking cotton.

Re: Motivation?

Actually, that's more in Trump's world than the previous ones, but you'd never get that from the media. They have only one weapon, and that's personal destruction... and they're using it liberally.

Draining the swamp necessarily enrages every resident of the swamp, and the media that give you the "news" definitely fit into that category. The screams of horror and fear and outrage you hear from the media aren't the truth! They are the distress calls from swamp creatures that fear that he may actually do what he set out to do.

This was never going to be neat and clean... the corruption that formed the swamp has built up over decades, and it's not going to go down without a fight. Hillary Clinton is probably the swampiest swamp creature to run for office in decades (and that includes the times Richard Nixon ran), and all of the Republican candidates other than Trump were from the same neighborhood. Bernie wasn't, but his rapid re-education, sellout, and subsequent show of support for Hillary and the very same Democratic party that fixed the primaries to ensure he would lose indicates how quickly he would have gotten there if he'd won. That, and he's a little nutty and out of touch with reality if he actually believes the inane, childlike statements he makes.

It's been swamp creature after swamp creature that have gotten us to where we are; do you really think electing someone who epitomizes everything that is wrong with politics was going to make things better?

Trump has made a number of clumsy mistakes and misstatements as an inexperienced non-politician, but no non-pol without a massive ego and a bombastic personality to match was ever going to walk in, tell the electorate that he can do better than an actual pol, and WIN. Yes, he can be a boor. He's petty. He's willing to wallow in the mud by counterattacking those who attack him first, which is unseemly and unpresidential. The thing is, though, that he did not win despite those things; he won because of them.

People are sick to death of the status quo, where professional politician after professional politician promises the world, then gets into office and does pretty much what the last guy did. They've begun to realize it's all a shell game, and they've all been had. Repeatedly. The purpose of the two-party system seems to be to give the appearance of a healthy public debate of ideas, and of people having a real choice between contrasting candidates, but the reality is that our choices boil down to one or the other candidate from the official party, the establishment party, of which the Democrats and most Republicans as well are simply puppets.

Lots of candidates say they're different. Hell, most of them do. They're not, though. Outsider candidates like Bernie and Trump are supposed to be weeded out by a system wholly owned for, and for the benefit of, the establishment. It worked as designed when it dispatched Bernie, but when it fired its cannons at Trump, he didn't do what Republican candidates are supposed to do (duck and cover and go on the defensive).

Trump was too egotistical and petty to do that; he instead hit back with his New York street-brawler style, and the truth of another old adage was made apparent: When you go on the defensive, you LOSE. That's why the establishment machine is all about the first strike; it's about putting the enemy on the defensive. The funny thing about human nature is that if you hear a person say, "I'm not a stamp collector," you'll then associate that person with stamp collecting, and even though the association was one of denial, in your head they're associated. You don't win by denying something over and over! You only reinforce the claim of the accusation you're trying to refute.

That's where Trump's lack of polish, decorum, and political experience worked for him. When he was hit with massive salvos of attacks from the media (a division of the Hillary Clinton for President company), his ego would not let him apologize and genuflect like Republicans generally do. He went on the offensive and hit them back-- and in doing so, he countered the accusations people made about him with counter-accusations about his accusers. He didn't reinforce the accusations about himself by denying them; he balanced the scale by making it a he-said, she-said situation.

No one but someone as petty and egotistical as Trump was going to beat the personal destruction machine of the establishment. That's why he won. Anyone who was more genteel or sophisticated would have been destroyed by half of what the establishment threw at Trump. And it's not over just because Trump won and was inaugurated! The anti-Trump campaign continues, and will continue for every moment he's in office. It's nothing but one lie after another, but what else is new?

The establishment media is an arm of the Democratic party, and they're not going to start being fair now. They've watched, astonished, as Trump not only survived their withering attacks, but thrived in them. Their response is to launch even more of the same, in the hopes that somehow doing the same thing is going to have a different effect this time. A more traditional president might begin to give in to the attackers and dial back his rhetoric, but Trump wasn't brawling with his critics because that was his considered campaign strategy. He was doing it because that's who he is-- and still is. And just as it propelled him to 1600 Pennsylvania Avenue, their continued litany of dishonest attacks on him will continue to backfire on the media (which polls at historical lows of trustworthiness) and render their continued attacks more and more irrelevant, as more and more people realize that the western media are no better than Pravda during the Soviet era.

Flawed as he may be, Trump's the only shot we have at ending the government as usual that got us to where we are. And by "we," I mean the world, not just Americans. No one that wasn't petty and egotistical was ever going to make it past the establishment sentries. It was either this or more of the same kind of politician we've had for decades.

Re: Motivation?

This is a bit unfair to the Democrats. A considerable part of the Republican party is as much "establishment" as any Democrat. Despite their private horror of Donald Trump they have gone along so far because the power to organize the Senate and House of Representatives is a good thing from their viewpoint, and even better with a nominal Republican as president.